Imagine you receive an email from your friend inviting you to a party. You click on the attachment, which should have more information … and the screen suddenly goes black. Only one message appears: “Your device has been locked. Pay XXX to access your files”.
You have just become the victim of a ransomware attack, a type of attack that costs individuals and companies hundreds of millions of euros worldwide every year.
What is a ransomware attack?
Ransomware is a type of attack that uses malware to encrypt your files, folders, hard drives or entire devices. Once your data is encrypted, the only person who can decrypt it is the hacker, because he holds the encryption key.
Before you can access your data again, the hacker demands a ransom, which gives the attack its name. This ransom typically ranges from tens to hundreds of euros, and for encrypted sensitive company data, the sums can run into thousands or even tens of thousands of euros. It always depends on exactly what the data is and what it is worth.
As part of the attack, you are given instructions on how and where to make the payment, and the hacker promises to make the data available again once he receives the payment.
Types of ransomware
You may come across different forms of ransomware:
- Encryption ransomware – The most common type of ransomware. This is a type of malware that encrypts your files, folders or hard drives. The attacker requires payment to unlock the data.
- Device lock – The attacker locks the device so it cannot be used. This type of attack is most common on Android phones.
- Scareware – This is fake ransomware that may appear as a pop-up saying that your data has been encrypted or that the device will be locked. To prevent this from happening, the attacker demands payment. But in reality, the data was not at risk and the attacker was just scaremongering.
- Doxware or leakware – In addition to encrypting your data, the attacker also threatens to leak it to the internet if you don’t pay.
How does ransomware get into your device?
The most common way for ransomware to get into your device is phishing. Phishing emails look like they come from a legitimate source such as a bank, employer or friend. The email contains a malicious attachment or link, either of which leads to the download of malware.
In addition to phishing, some hackers may use social engineering attacks. Some ransomware attacks may disguise themselves as a warning from the police. For example, they may state that you are watching illegal content or have pirated software installed. The attacker then demands payment of a fine. The attacker also relies on the fact that most people do indeed have some illegally obtained software, or have downloaded a movie from the Internet without paying. The attacker counts on this to keep victims from reporting the attack to the authorities, for fear of getting into trouble themselves.
How do hackers choose their victims?
Both individuals and large companies can fall victim to ransomware. Typical targets are:
- Organizations with poor security standards and large databases – For example, universities or small businesses that have small IT teams but have a lot of sensitive information.
- Entities that desperately need access to their files – For example, governments or healthcare facilities. Such organizations can’t afford to lose access to their data for even a few hours, which means they’re more likely to pay the ransom quickly.
- Large corporations – Losing access to data and not having it for long periods of time could cause more damage to these companies than paying the ransom. Large companies are also concerned about reputation, so they want to deal with everything quickly and without undue attention.
Can you remove ransomware?
It is possible to remove the malware so that no more data will be encrypted, but a cryptographic key is needed to recover the data that has already been encrypted. Security software can decrypt data locked by some types of ransomware, but it always depends on the sophistication of the attack.
What to do if you fall victim to ransomware. Should you pay?
Whether to pay the ransom is your decision and depends very much on the situation you are in.
Most security experts will advise you not to pay, because paying encourages hackers to continue using ransomware. Also, you cannot be sure that the hacker will actually decrypt your data and that you will be able to access it.
In some situations, however, your data will be more valuable than the ransom you have to pay. You may really need the data right away, and waiting would cause significant damage. Hackers usually set the price to be less than the damage or the cost of recovering your files.
What is the best protection against ransomware?
- Learn to spot phishing – Watch out for email attachments and suspicious links. Don’t click on them or download them if you weren’t expecting them or if you don’t know they came from a legitimate source. If you run a business or manage a team, don’t hesitate to educate others.
- Use an antivirus program – Ransomware attacks are of course becoming more sophisticated and antivirus programs may not always help. But in many cases, they have saved data.
- Update your operating system and security software regularly – Don’t ignore notifications and install updates as soon as possible.
- Back up your files – You should keep key files in multiple locations. If someone encrypts your computer, you can still get to them without having to pay a ransom. Even a “successful” ransomware attack will thus become a minor inconvenience rather than an actual disaster.
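Keeping key files in multiple locations only helps if the copies are still intact when you need them. The following is an added example, not part of the original article: it records SHA-256 hashes of known-good files and checks each backup location for missing or altered copies. The folder names, file names and file contents are constructed for the demonstration.

```python
from __future__ import annotations
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(source: Path) -> dict[str, str]:
    """Map each file path (relative to source) to its SHA-256, taken while files are known good."""
    return {p.relative_to(source).as_posix(): sha256_of(p)
            for p in sorted(source.rglob("*")) if p.is_file()}

def check_backup(manifest: dict[str, str], backup: Path) -> dict[str, list[str]]:
    """Compare one backup location against the manifest."""
    report = {"ok": [], "missing": [], "changed": []}
    for rel, digest in manifest.items():
        copy = backup / rel
        if not copy.is_file():
            report["missing"].append(rel)
        elif sha256_of(copy) != digest:
            report["changed"].append(rel)   # e.g. overwritten by an encrypted version
        else:
            report["ok"].append(rel)
    return report

def demo() -> dict[str, dict[str, list[str]]]:
    """Constructed sample: two key files, one healthy backup, one damaged backup."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src, usb, sync = root / "documents", root / "usb_drive", root / "synced_folder"
        for d in (src, usb, sync):
            d.mkdir()
        for name, data in {"taxes.txt": b"2023 tax return", "photos.txt": b"holiday album"}.items():
            (src / name).write_bytes(data)
            (usb / name).write_bytes(data)
        # Constructed damage: the synced copy was overwritten and one file is gone.
        (sync / "taxes.txt").write_bytes(b"\x8f\x02 unreadable bytes")
        manifest = build_manifest(src)
        return {loc.name: check_backup(manifest, loc) for loc in (usb, sync)}

if __name__ == "__main__":
    for location, report in demo().items():
        print(location, report)
```

A location that reports "changed" files should not be treated as a usable backup until you know why the contents differ; store the manifest itself away from the computer it describes.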